Although people may argue that data is not safe in the Cloud because using cloud infrastructure requires trusting another party to look after mission critical data, cloud services actually are more secure than legacy systems. In fact, a recent study on the state of cloud security in the enterprise market revealed that 64 percent of medium and large businesses believe cloud infrastructure is more secure than legacy systems.
What factors contribute to positive and negative impressions of cloud security? What should businesses do to protect their data better?
You cannot blame people for being worried about cloud security. Everyone remembers the Target and Home Depot breaches, which compromised tens of millions of customer credit card information, as well as the Apple iCloud hack that leaked private celebrity photos to the public. These incidents caused many major news outlets to question cloud security. However, the media forgot to mention that these three high-profile attacks did not have much to do with cloud computing.
Target allowed a third-party to access its network, and then hackers got ahold of that third party’s log in credentials. Home Depot was attacked in much the same way, with hackers stealing a vendor’s login, accessing the network, and then using custom malware to get around the company’s antivirus software.
Even large businesses have mixed feelings about security in the cloud, naming it both the number one benefit and most frequently encountered challenge.
“Many recent data breaches have been reported incorrectly. … In most cases, it is human error, and the Cloud cannot protect you from that.” – Jason Reichl, CEO, Go Nimbly
Despite these events, this year, 90 percent of enterprises plan to increase or maintain their annual spending on cloud computing. If cloud infrastructure were such a risk, businesses would not be investing in the platform at such high rates.
David Linthicum, Senior Vice President of Cloud Technology Partners, says to think about cloud security systems like this: is your money safer stuffed in a mattress at home where you have control of it or with your local bank? A bank, obviously, is better positioned to protect your money because they have a vault and security cameras and are insured. Likewise, a cloud service provider (CSP) is better positioned to protect your data because they invest in 24-7 monitoring, the best cyber security tools, and physical barriers, such as video surveillance and biometric scanning.
Unfortunately, cloud infrastructure security on its own, out-of-the-box, is not enough to safeguard your business’ crucial data.
What steps should businesses take to ensure data security, when using cloud infrastructure?
Migrating to the cloud starts with selecting a CSP that fits your business’ needs. It is important to recognize that not all CSPs are equal.
In 2013, former Editor in Chief of Yahoo Tech Dan Tynan detailed his experience with Box. In particular, he talked about how all his Box files once disappeared for six months. Specifically, his login didn’t work and the company could not locate the account associated with his email. This means Tynan’s data was missing for half a year, which raises concerns about stolen information. Who had access to his data?
National Security Agency (NSA) whistleblower Edward Snowden also warned against relying on the security features of another popular cloud service, Dropbox.
“Dropbox? Get rid of Dropbox. It doesn’t support encryption. It doesn’t protect your private files. Use competitors, like SpiderOak, that do the same exact service, but they protect the content of what you’re sharing,” Snowden said in a 2014 interview with the New Yorker.
Indeed, it is true: some CSPs are more secure than others. For example, the difference between Dropbox and SpiderOak is that Dropbox, as well as many other major CSPs, encrypts data on its own servers but does not encrypt data locally, leaving it vulnerable to attacks. Conversely, SpiderOak encrypts data on both your local servers and their personal servers, reducing the opportunity for a security breach.
Regardless of the CSP your business uses, additional local security measures, such as data encryption, improved identity access policies, and regular audits, will minimize the possibility of a costly cyber attack.
By Sarah Patrick
